{"vulnerability": "CVE-2023-2631", "sightings": [{"uuid": "be7d06a4-2785-45de-b487-04da305577fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26319", "type": "seen", "source": "https://t.me/cibsecurity/72063", "content": "\u203c CVE-2023-26319 \u203c\n\nImproper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-11T12:17:17.000000Z"}, {"uuid": "1d087ddb-c875-4b64-8050-9aa7750903d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26314", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7938", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26314\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.\n\ud83d\udccf Published: 2023-02-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-18T16:24:08.746Z\n\ud83d\udd17 References:\n1. https://www.openwall.com/lists/oss-security/2023/01/05/1\n2. https://bugs.debian.org/972146\n3. https://lists.debian.org/debian-lts-announce/2023/02/msg00037.html", "creation_timestamp": "2025-03-18T16:51:29.000000Z"}, {"uuid": "373adbb2-1813-452b-b664-79e4f8d2b21b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2631", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2650", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-2631\n\ud83d\udd39 Description: A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.\n\ud83d\udccf Published: 2023-05-16T18:06:59.001Z\n\ud83d\udccf Modified: 2025-01-22T20:33:38.273Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3118", "creation_timestamp": "2025-01-22T21:02:11.000000Z"}, {"uuid": "23bd3dc7-ad91-4172-8504-b00614b9395e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26315", "type": "seen", "source": "https://t.me/cvedetector/4139", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-26315 - Xiaomi Router AX9000 Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-26315 \nPublished : Aug. 26, 2024, 12:15 p.m. | 42\u00a0minutes ago \nDescription : The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-26T15:23:59.000000Z"}, {"uuid": "a8dd1197-0448-4f7a-aae2-bb940b43c38c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26318", "type": "seen", "source": "https://t.me/cibsecurity/72060", "content": "\u203c CVE-2023-26318 \u203c\n\nBuffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-11T12:17:14.000000Z"}, {"uuid": "21129a61-1a49-47c0-a377-b4f7fc25b57f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26316", "type": "seen", "source": "https://t.me/cibsecurity/67597", "content": "\u203c CVE-2023-26316 \u203c\n\nA XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-02T21:41:57.000000Z"}, {"uuid": "79927099-1433-4139-b402-e581728f3c84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26310", "type": "seen", "source": "https://t.me/cibsecurity/68080", "content": "\u203c CVE-2023-26310 \u203c\n\nThere is a command injection problem in the old version of the mobile phone backup app.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-09T12:16:41.000000Z"}, {"uuid": "291e7c7e-b712-42d7-a514-38cf81d2f8d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26311", "type": "seen", "source": "https://t.me/cibsecurity/68187", "content": "\u203c CVE-2023-26311 \u203c\n\nA remote code execution vulnerability in the webview component of OPPO Store app.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-10T14:15:50.000000Z"}, {"uuid": "b96674ab-bd71-4e41-a5ed-49d407fe6976", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26317", "type": "seen", "source": "https://t.me/cibsecurity/67595", "content": "\u203c CVE-2023-26317 \u203c\n\nA vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability arises from inadequate filtering of responses returned from the external interface. Attackers could exploit this vulnerability by hijacking the ISP or an upper-layer router to gain privileges on the Xiaomi router. Successful exploitation of this flaw could permit remote code execution and complete compromise of the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-02T20:48:08.000000Z"}, {"uuid": "02b28519-7794-4e6a-9017-f19c3ebdfa6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2631", "type": "seen", "source": "https://t.me/cibsecurity/64252", "content": "\u203c CVE-2023-2631 \u203c\n\nA missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-16T22:30:44.000000Z"}]}